EMAIL AND SOCIAL ENGINEERING SERVICES
At SPI, we know that frequently the biggest security "holes" involve the human aspect of business- namely, employees knowingly or unknowlingy divulging confidential employer information which could compromise the security of the client network and corporate environment. We have designed a two part strategy for our clients for Email and Onsite Social Engineering to investigate and correct this problem.
Email is a powerful social and business tool but one frequently abused/misused by employees. Many times the security breach is not malicious, but unintentionally done or carelessly done. Our intent is to email targeted personnel to attempt to get them to, through email contact, divulge bank information, customer information, etc. to our investigator. We work through several attempts, noting all actions and reactions of the targeted person, along with our line of inquiry and methods of inquiring sensitive information to them.
The remote Social Engineering engagement involves the manipulation of the organizations by telephone or email in an attempt to get employees to divulge user names, passwords, customer NPPI or other confidential information.
The remote engagement techniques typically include:
The remote engagement tests for the following vulnerabilities:
If the client has employee security training, we would study this to test the targeted employee to ascertain their level of understanding of security responsibilities regarding /customer/sensitive information when attempting to gain unauthorized information. Full details are documented of all steps taken during this set of attempts, which could occur over days or a few weeks, depending on the reaction of the employee to the attempts. All findings would be documented in our usual fashion with a written and electronic outbrief of the findings and security risks we see posed by the reaction of the employee.
Onsite Social Engineering:
The onsite engagement techniques typically include:
The onsite engagement tests for the following vulnerabilities:
Please contact us at email@example.com for more information or contact us at 262-942-3626.